/*
 * Copyright 2024 Google LLC
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *    * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *    * Redistributions in binary form must reproduce the above
 * copyright notice, this list of conditions and the following disclaimer
 * in the documentation and/or other materials provided with the
 * distribution.
 *
 *    * Neither the name of Google LLC nor the names of its
 * contributors may be used to endorse or promote products derived from
 * this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

package com.google.auth.oauth2;

import static com.google.auth.oauth2.AwsCredentialsTest.buildAwsImdsv2CredentialSource;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

import com.google.auth.oauth2.ExternalAccountCredentialsTest.MockExternalAccountCredentialsTransportFactory;
import com.google.common.collect.ImmutableList;
import java.util.List;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

/**
 * Tests for {@link InternalAwsSecurityCredentialsSupplier}.
 *
 * <p>Every case pins the result of {@code shouldUseMetadataServer()} for one combination of
 * environment variables set on a {@link TestEnvironmentProvider}. Taken together the cases assert
 * that the metadata server is skipped only when a region variable, {@code AWS_ACCESS_KEY_ID} and
 * {@code AWS_SECRET_ACCESS_KEY} are all present; a partial set (for example a key id without its
 * secret) still selects the metadata server.
 *
 * <p>The values used ({@code "awsRegion"}, {@code "awsAccessKeyId"}, {@code "awsSecretAccessKey"})
 * are fixture strings, not credentials.
 *
 * <p>NOTE(review): no case here covers a variable that is set to an empty string; confirm how the
 * supplier treats that before relying on these tests for it.
 */
@RunWith(JUnit4.class)
public class InternalAwsSecurityCredentialsSupplierTest {

  /** The two environment variable names the tests accept as the source of the AWS region. */
  private static final List<String> REGION_KEYS =
      ImmutableList.of("AWS_REGION", "AWS_DEFAULT_REGION");

  /**
   * Builds the supplier under test from an IMDSv2 credential source, the given environment and
   * the given mock transport (used both for the credential source and for the supplier itself).
   */
  private static InternalAwsSecurityCredentialsSupplier newSupplier(
      MockExternalAccountCredentialsTransportFactory transport, TestEnvironmentProvider env) {
    return new InternalAwsSecurityCredentialsSupplier(
        buildAwsImdsv2CredentialSource(transport), env, transport);
  }

  /** Region plus both key variables are set: the metadata server must not be used. */
  @Test
  public void shouldUseMetadataServer_withRequiredEnvironmentVariables() {
    MockExternalAccountCredentialsTransportFactory transport =
        new MockExternalAccountCredentialsTransportFactory();

    // Repeat the check once per accepted region variable name.
    for (String regionKey : REGION_KEYS) {
      TestEnvironmentProvider env = new TestEnvironmentProvider();
      // The complete set: a region, the access key id and the secret access key.
      env.setEnv(regionKey, "awsRegion")
          .setEnv("AWS_ACCESS_KEY_ID", "awsAccessKeyId")
          .setEnv("AWS_SECRET_ACCESS_KEY", "awsSecretAccessKey");

      assertFalse(newSupplier(transport, env).shouldUseMetadataServer());
    }
  }

  /** Both key variables are set but no region variable: the metadata server is used. */
  @Test
  public void shouldUseMetadataServer_missingRegion() {
    MockExternalAccountCredentialsTransportFactory transport =
        new MockExternalAccountCredentialsTransportFactory();

    TestEnvironmentProvider env = new TestEnvironmentProvider();
    env.setEnv("AWS_ACCESS_KEY_ID", "awsAccessKeyId")
        .setEnv("AWS_SECRET_ACCESS_KEY", "awsSecretAccessKey");

    assertTrue(newSupplier(transport, env).shouldUseMetadataServer());
  }

  /** Region and secret are set but the access key id is not: the metadata server is used. */
  @Test
  public void shouldUseMetadataServer_missingAwsAccessKeyId() {
    MockExternalAccountCredentialsTransportFactory transport =
        new MockExternalAccountCredentialsTransportFactory();

    for (String regionKey : REGION_KEYS) {
      TestEnvironmentProvider env = new TestEnvironmentProvider();
      // AWS_ACCESS_KEY_ID is deliberately left out of this environment.
      env.setEnv(regionKey, "awsRegion").setEnv("AWS_SECRET_ACCESS_KEY", "awsSecretAccessKey");

      assertTrue(newSupplier(transport, env).shouldUseMetadataServer());
    }
  }

  /** Region and access key id are set but the secret is not: the metadata server is used. */
  @Test
  public void shouldUseMetadataServer_missingAwsSecretAccessKey() {
    MockExternalAccountCredentialsTransportFactory transport =
        new MockExternalAccountCredentialsTransportFactory();

    for (String regionKey : REGION_KEYS) {
      TestEnvironmentProvider env = new TestEnvironmentProvider();
      // AWS_SECRET_ACCESS_KEY is deliberately left out of this environment.
      env.setEnv(regionKey, "awsRegion").setEnv("AWS_ACCESS_KEY_ID", "awsAccessKeyId");

      assertTrue(newSupplier(transport, env).shouldUseMetadataServer());
    }
  }

  /** Only a region variable is set, neither key variable: the metadata server is used. */
  @Test
  public void shouldUseMetadataServer_missingAwsSecurityCreds() {
    MockExternalAccountCredentialsTransportFactory transport =
        new MockExternalAccountCredentialsTransportFactory();

    for (String regionKey : REGION_KEYS) {
      TestEnvironmentProvider env = new TestEnvironmentProvider();
      // Neither AWS_ACCESS_KEY_ID nor AWS_SECRET_ACCESS_KEY is set here.
      env.setEnv(regionKey, "awsRegion");

      assertTrue(newSupplier(transport, env).shouldUseMetadataServer());
    }
  }

  /** Nothing is set on the environment provider: the metadata server is used. */
  @Test
  public void shouldUseMetadataServer_noEnvironmentVars() {
    TestEnvironmentProvider env = new TestEnvironmentProvider();
    MockExternalAccountCredentialsTransportFactory transport =
        new MockExternalAccountCredentialsTransportFactory();

    assertTrue(newSupplier(transport, env).shouldUseMetadataServer());
  }
}